CVE-2009-2482
First published: Thu Jul 16 2009(Updated: )
The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetBSD current | =4.0 | |
| NetBSD current | =4.0-beta | |
| NetBSD current | =4.0-beta2 | |
| NetBSD current | =4.0.1 | |
| NetBSD current | =4.1 | |
| NetBSD current | =5.0 | |
| NetBSD current | =5.0-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-2482?
CVE-2009-2482 is considered a high severity vulnerability as it allows local users to change the root password.
How do I fix CVE-2009-2482?
To fix CVE-2009-2482, you should upgrade to NetBSD version 4.0.2 or later, or 5.0.1 or later.
Who is affected by CVE-2009-2482?
CVE-2009-2482 affects local users of NetBSD 4.0, 4.0-beta, 4.0-beta2, 4.0.1, 4.1, 5.0, and 5.0-rc3.
What systems does CVE-2009-2482 impact?
CVE-2009-2482 impacts NetBSD operating systems prior to the specified fixed versions.
Can I exploit CVE-2009-2482 remotely?
No, CVE-2009-2482 can only be exploited locally by users who already know the current root password.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/netbsd
- canonical/netbsd current
- version/netbsd current/4.0
- version/netbsd current/4.0-beta
- version/netbsd current/4.0-beta2
- version/netbsd current/4.0.1
- version/netbsd current/4.1
- version/netbsd current/5.0
- version/netbsd current/5.0-rc3